Lucene search

MediaTekCVE-2024-20083

HistoryAug 14, 2024 - 3:15 a.m.

CVE-2024-20083

2024-08-1403:15:04

CWE-787

MediaTek

web.nvd.nist.gov

venc

out of bounds write

local privilege escalation

system execution privileges

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

9.5%

JSON

In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.

Affected configurations

Vulners

Node

googleandroidRange<12.0

mediatekmt6765

mediatekmt6768

mediatekmt6779

mediatekmt6785

mediatekmt8321

mediatekmt8385

mediatekmt8666

mediatekmt8667

mediatekmt8755

mediatekmt8765

mediatekmt8766

mediatekmt8768

mediatekmt8771

mediatekmt8775

mediatekmt8781

mediatekmt8786

mediatekmt8788

mediatekmt8789

mediatekmt8791t

mediatekmt8792

mediatekmt8795t

mediatekmt8796

mediatekmt8797

mediatekmt8798

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt6765*cpe:2.3:a:mediatek:mt6765:*:*:*:*:*:*:*:*
mediatekmt6768*cpe:2.3:a:mediatek:mt6768:*:*:*:*:*:*:*:*
mediatekmt6779*cpe:2.3:a:mediatek:mt6779:*:*:*:*:*:*:*:*
mediatekmt6785*cpe:2.3:a:mediatek:mt6785:*:*:*:*:*:*:*:*
mediatekmt8321*cpe:2.3:a:mediatek:mt8321:*:*:*:*:*:*:*:*
mediatekmt8385*cpe:2.3:a:mediatek:mt8385:*:*:*:*:*:*:*:*
mediatekmt8666*cpe:2.3:a:mediatek:mt8666:*:*:*:*:*:*:*:*
mediatekmt8667*cpe:2.3:a:mediatek:mt8667:*:*:*:*:*:*:*:*
mediatekmt8755*cpe:2.3:a:mediatek:mt8755:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt6765	*	cpe:2.3:a:mediatek:mt6765::::::::
mediatek	mt6768	*	cpe:2.3:a:mediatek:mt6768::::::::
mediatek	mt6779	*	cpe:2.3:a:mediatek:mt6779::::::::
mediatek	mt6785	*	cpe:2.3:a:mediatek:mt6785::::::::
mediatek	mt8321	*	cpe:2.3:a:mediatek:mt8321::::::::
mediatek	mt8385	*	cpe:2.3:a:mediatek:mt8385::::::::
mediatek	mt8666	*	cpe:2.3:a:mediatek:mt8666::::::::
mediatek	mt8667	*	cpe:2.3:a:mediatek:mt8667::::::::
mediatek	mt8755	*	cpe:2.3:a:mediatek:mt8755::::::::

Rows per page:

1-10 of 251

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6765, MT6768, MT6779, MT6785, MT8321, MT8385, MT8666, MT8667, MT8755, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8792, MT8795T, MT8796, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 12.0",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/August-2024

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-20083